1. Field of the Invention
This invention relates to the field of information networks, and more particularly relates to a method and apparatus for classifying and processing network packets.
2. Description of the Related Art
Time-to-live (TTL) is a value (e.g., in an Internet Protocol (IP) packet) that is used by a network device such as a network router to determine whether or not the packet has been in the network too long and, if so, should be discarded. For a number of reasons, packets may not get delivered to their destination in a reasonable length of time. For example, a combination of incorrect routing tables could cause a packet to loop endlessly. A solution is to discard the packet after a certain time and send a message to the originator, who can decide whether or not to resend the packet. Under the Internet Protocol, the initial TTL value is set, usually by a system default, in an 8-binary digit field of the packet header. Originally, TTL was defined as specifying a certain time span in seconds that, when exhausted, would cause the packet to be discarded, and bounded the lifetime of a packet in the Internet.
However, in practice, TTL has not typically been implemented in a manner that accurately reflects the term (with a few exceptions) because of the cost of accounting for the time a packet spends queued. Rather than adjust the TTL on a time value basis, then, each router transited typically uses a simplified process, subtracting one count from the TTL field.
Thus, in effect, the count is usually taken to indicate the number of router hops the packet is allowed before the packet must be discarded (i.e., the TTL is actually implemented as a hop count). In fact, this has been recognized by IPv6 (in which the field has been renamed accordingly). In operation, then, each router that receives a packet subtracts one from the count in the TTL field. When the count reaches zero, the router detecting that condition discards the packet and sends an Internet Control Message Protocol (ICMP) message back to the originating host.
Unfortunately, there is no clear agreement on the correct setting of TTL, and the consequences for setting TTL values too low can be problematic (i.e., failed connectivity). The current TTL default value of 64 (as specified in Network Working Group RFC 1340) is presently more than three years old. Moreover, the default values used in various operating systems cover a substantial range. For example, TTL values in the TCP packets used by various operating systems vary from 30 to 255, as do the TTL values in the UDP packets. At the lower end of this range, packets may never arrive at their intended destination, while at the upper end of this range, packets may float through the Internet much longer than intended or desirable (leading to unnecessary resource consumption (bandwidth, router processing resources and the like)).